The Book of PF Erratum 01: hoststated Tables and Redirection Targets
--------------------------------------------------------------------
January 26, 2008
The Book of PF, page 52 states

"To make this configuration work with hoststated, we need to change the
webpool definition to table form, like this

    table persist { 192.0.2.214, 192.0.2.215, 192.0.2.216, 192.0.2.217 }

and change the redirection to use the new table:

    rdr on $ext_if from any to $webserver port $webports -> \
        round-robin sticky-address"

This is incorrect. While what hoststated does is conceptually similar,
the redirection logic is handled inside the hoststated anchor. The
correct phrase is
"To make this configuration work slightly better we remove the
redirection, and let hoststated handle the redirection by setting up
its own version inside the redirection anchor. Conceptually this
changes the redirection target to a table, which is set up and
maintained by hoststated. Do not remove the pass rule, however. For
obvious reasons, your rule set will still need to have a pass rule
that lets traffic flow to the IP addresses in hoststated's tables."
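
A pf.conf fragment matching the corrected text, added here as an illustration (it is not taken from the book or from this erratum). The interface name and port list are assumed values, and the anchor name hoststated/* is the one hoststated's own documentation uses rather than something stated above.

```pf
# pf.conf fragment (added example; values marked "assumed" are not from the erratum)
ext_if   = "em0"                  # assumed external interface name
webports = "{ http, https }"      # assumed service ports
# Pool members, as listed in the quoted passage from page 52
webpool  = "{ 192.0.2.214, 192.0.2.215, 192.0.2.216, 192.0.2.217 }"

# No table definition and no "rdr ... round-robin" rule in pf.conf:
# hoststated loads its own table and redirection into this anchor.
rdr-anchor "hoststated/*"

# The pass rule stays. Redirected traffic still has to be allowed
# through to the pool addresses that hoststated's table contains.
pass in on $ext_if inet proto tcp from any to $webpool port $webports
```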